cm-admin 2.1.4 → 2.2.0

data/docs/RoleManagement.md

@@ -62,6 +62,21 @@ end
 4. Include `CmRole` in the `config.included_models` section of `config/initializers/zcm_admin.rb`.  
 5. Assign `cm_role_id` to `1` for any user in the `User` Model, and use that user to log in.
 
+## Setting up scopes
+
+By default, `Full Access` scopes is added to each permission item. To add additional scopes, use the following syntax:
+
+```ruby
+...
+cm_admin do
+  actions only: []
+  set_icon "fa fa-user"
+  set_policy_scopes [{scope_name: 'test_supplier_filter', display_name: 'By Test Supplier'}]
+  cm_index do
+    page_title 'User'
+  end
+end
+
 ## Overriding Policies
 
 By default, roles and policies are enabled for all models in the application. To override a policy, use the following syntax:
@@ -90,3 +105,24 @@ end
 ```
 
 This structure helps ensure that your application's role and permission management is both flexible and secure.
+
+
+## Permission based fields
+
+We can apply permission logic to display a field on the interface. You can do this with the following syntax.
+
+```ruby
+...
+tab :details, '' do
+  row do
+    cm_show_section 'Details' do
+      field :status, field_type: :tag, tag_class: Item::STATUS_TAG_COLOR, display_if: -> (record) {
+        scoped_model = CmAdmin::ItemPolicy::ArchiveScope.new(Current.user, ::Item).resolve
+        return scoped_model.find_by(id: record.id).present?
+      }
+    end
+  end
+end
+
+```
+

data/lib/cm_admin/model.rb

@@ -31,11 +31,12 @@ module CmAdmin
 
     attr_accessor :available_actions, :actions_set, :available_fields, :additional_permitted_fields,
                   :current_action, :params, :filters, :available_tabs, :icon_name, :bulk_actions, :display_name,
-                  :policy_scopes, :override_policy, :alerts
+                  :policy_scopes, :override_policy, :alerts, :sort_columns, :default_sort_column, :default_sort_direction
     attr_reader :name, :ar_model, :is_visible_on_sidebar, :importer
 
     def initialize(entity, &block)
       @name = entity.name
+      @display_name = entity.name
       @ar_model = entity
       @is_visible_on_sidebar = true
       @icon_name = 'fa fa-th-large'
@@ -48,7 +49,9 @@ module CmAdmin
       @params = nil
       @override_policy = false
       @filters ||= []
-      @policy_scopes ||= [{display_name: 'Full Access', scope_name: 'all'}]
+      @policy_scopes ||= [{ display_name: 'Full Access', scope_name: 'all' }]
+      @sort_columns ||= []
+      @default_sort_direction ||= 'asc'
       @alerts = []
       instance_eval(&block) if block_given?
       actions unless @actions_set
@@ -65,28 +68,28 @@ module CmAdmin
 
     def custom_controller_action(action_name, params)
       current_action = CmAdmin::Models::Action.find_by(self, name: action_name.to_s)
-      if current_action
-        @current_action = current_action
-        @ar_object = @ar_model.name.classify.constantize.find(params[:id])
-        if @current_action.child_records
-          child_records = @ar_object.send(@current_action.child_records)
-          @associated_model = CmAdmin::Model.find_by(name: @ar_model.reflect_on_association(@current_action.child_records).klass.name)
-          if child_records.is_a? ActiveRecord::Relation
-            @associated_ar_object = filter_by(params, child_records)
-          else
-            @associated_ar_object = child_records
-          end
-          return @ar_object, @associated_model, @associated_ar_object
-        end
-        return @ar_object
+      return unless current_action
+
+      @current_action = current_action
+      @ar_object = @ar_model.name.classify.constantize.find(params[:id])
+      if @current_action.child_records
+        child_records = @ar_object.send(@current_action.child_records)
+        @associated_model = CmAdmin::Model.find_by(name: @ar_model.reflect_on_association(@current_action.child_records).klass.name)
+        @associated_ar_object = if child_records.is_a? ActiveRecord::Relation
+                                  filter_by(params, child_records)
+                                else
+                                  child_records
+                                end
+        return @ar_object, @associated_model, @associated_ar_object
       end
+      @ar_object
     end
 
     # Insert into actions according to config block
     def actions(only: [], except: [])
       acts = CmAdmin::DEFAULT_ACTIONS.keys
-      acts = acts & (Array.new << only).flatten if only.present?
-      acts = acts - (Array.new << except).flatten if except.present?
+      acts &= ([] << only).flatten if only.present?
+      acts -= ([] << except).flatten if except.present?
       acts.each do |act|
         action_defaults = CmAdmin::DEFAULT_ACTIONS[act]
         @available_actions << CmAdmin::Models::Action.new(name: act.to_s, verb: action_defaults[:verb], path: action_defaults[:path])
@@ -106,7 +109,7 @@ module CmAdmin
       @icon_name = name
     end
 
-    def override_pundit_policy(override_status=false)
+    def override_pundit_policy(override_status = false)
       @override_policy = override_status
     end
 
@@ -114,7 +117,7 @@ module CmAdmin
       @display_name = name
     end
 
-    def permit_additional_fields(fields=[])
+    def permit_additional_fields(fields = [])
       @additional_permitted_fields = fields
     end
 
@@ -130,17 +133,17 @@ module CmAdmin
       @display_name.present? ? @display_name : @name
     end
 
-    def set_policy_scopes(scopes=[])
-      @policy_scopes = ([{display_name: 'Full Access', scope_name: 'all'}] + scopes).uniq
+    def set_policy_scopes(scopes = [])
+      @policy_scopes = ([{ display_name: 'Full Access', scope_name: 'all' }] + scopes).uniq
     end
 
     # Shared between export controller and resource controller
     def filter_params(params)
       # OPTIMIZE: Need to check if we can permit the filter_params in a better way
-      date_columns = self.filters.select{|x| x.filter_type.eql?(:date)}.map(&:db_column_name)
-      range_columns = self.filters.select{|x| x.filter_type.eql?(:range)}.map(&:db_column_name)
-      single_select_columns = self.filters.select{|x| x.filter_type.eql?(:single_select)}.map(&:db_column_name)
-      multi_select_columns = self.filters.select{|x| x.filter_type.eql?(:multi_select)}.map{|x| Hash["#{x.db_column_name}", []]}
+      date_columns = filters.select { |x| x.filter_type.eql?(:date) }.map(&:db_column_name)
+      range_columns = filters.select { |x| x.filter_type.eql?(:range) }.map(&:db_column_name)
+      single_select_columns = filters.select { |x| x.filter_type.eql?(:single_select) }.map(&:db_column_name)
+      multi_select_columns = filters.select { |x| x.filter_type.eql?(:multi_select) }.map { |x| Hash["#{x.db_column_name}", []] }
 
       params.require(:filters).permit(:search, date: date_columns, range: range_columns, single_select: single_select_columns, multi_select: multi_select_columns) if params[:filters]
     end
@@ -150,74 +153,79 @@ module CmAdmin
     # Controller defined for each model
     # If model is User, controller will be UsersController
     def define_controller
-      klass = Class.new(CmAdmin::ResourceController) do
-        include Pundit::Authorization
-        rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
-
-        $available_actions.each do |action|
-          define_method action.name.to_sym do
-            # controller_name & action_name from ActionController
-            @model = CmAdmin::Model.find_by(name: controller_name.classify)
-            @model.params = params
-            @action = CmAdmin::Models::Action.find_by(@model, name: action_name)
-            @model.current_action = @action
-            send(@action.controller_action_name, params)
-            # @ar_object = @model.try(@action.parent || action_name, params)
+      if $available_actions.present?
+        klass = Class.new(CmAdmin::ResourceController) do
+          include Pundit::Authorization
+          rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
+          $available_actions.each do |action|
+            define_method action.name.to_sym do
+              # controller_name & action_name from ActionController
+              @model = CmAdmin::Model.find_by(name: controller_name.classify)
+              @model.params = params
+              @action = CmAdmin::Models::Action.find_by(@model, name: action_name)
+              @model.current_action = @action
+              send(@action.controller_action_name, params)
+              # @ar_object = @model.try(@action.parent || action_name, params)
+            end
           end
-        end
 
-        def pundit_user
-          Current.user
-        end
+          def pundit_user
+            Current.user
+          end
 
-        private
+          private
 
-        def user_not_authorized
-          flash[:alert] = 'You are not authorized to perform this action.'
-          redirect_to CmAdmin::Engine.mount_path + '/access-denied'
+          def user_not_authorized
+            flash[:alert] = 'You are not authorized to perform this action.'
+            redirect_to CmAdmin::Engine.mount_path + '/access-denied'
+          end
         end
-      end if $available_actions.present?
+      end
       CmAdmin.const_set "#{@name}Controller", klass
     end
 
     def define_pundit_policy(ar_model)
-      klass = Class.new(ApplicationPolicy) do
+      if $available_actions.present?
+        klass = Class.new(ApplicationPolicy) do
+          $available_actions.each do |action|
+            define_method "#{action.name}?".to_sym do
+              return false unless Current.user.respond_to?(:cm_role_id)
+              return false if Current.user.cm_role.nil?
+
+              Current.user.cm_role.cm_permissions.where(action_name: action.name, ar_model_name: ar_model.name).present?
+            end
+          end
+        end
+      end
+      policy = CmAdmin.const_set "#{ar_model.name}Policy", klass
 
-        $available_actions.each do |action|
-          define_method "#{action.name}?".to_sym do
+      $available_actions.each do |action|
+        next if %w[custom_action_modal custom_action create update].include?(action.name)
 
-            return false unless Current.user.respond_to?(:cm_role_id)
-            return false if Current.user.cm_role.nil?
+        klass = Class.new(policy) do
+          def initialize(user, scope)
+            @user = user
+            @scope = scope
+          end
 
-            Current.user.cm_role.cm_permissions.where(action_name: action.name, ar_model_name: ar_model.name).present?
+          define_method :resolve do
+            # action_name = Current.request_params.dig("action")
+            permission = Current.user.cm_role.cm_permissions.find_by(action_name: action.name, ar_model_name: ar_model.name)
+            if permission.present? && permission.scope_name.present?
+              scope.send(permission.scope_name)
+            else
+              scope.all
+            end
           end
-        end
 
-      end if $available_actions.present?
-      policy = CmAdmin.const_set "#{ar_model.name}Policy", klass
+          private
 
-      klass =  Class.new(policy) do
-        def initialize(user, scope)
-          @user = user
-          @scope = scope
+          attr_reader :user, :scope
         end
-    
-        define_method :resolve do
-          action_name = Current.request_params.dig("action")
-          permission = Current.user.cm_role.cm_permissions.find_by(action_name: action_name, ar_model_name: ar_model.name)
-          if permission.present? && permission.scope_name.present?
-            scope.send(permission.scope_name)
-          else
-            scope.all
-          end
-        end
-    
-        private
-    
-        attr_reader :user, :scope
-      end
 
-      policy.const_set 'Scope', klass
+        policy.const_set "#{action.name.classify}Scope", klass
+      end
     end
   end
 end

data/lib/cm_admin/models/dsl_method.rb

@@ -319,6 +319,7 @@ module CmAdmin
         @filters << CmAdmin::Models::Filter.new(db_column_name:, filter_type:, options:)
       end
 
+      # @deprecated: use {#sortable_columns} instead of this method
       # Set sort direction for filters
       # @param direction [Symbol] the direction of sort, +:asc+, +:desc+
       # @example Setting sort direction
@@ -329,6 +330,7 @@ module CmAdmin
         @current_action.sort_direction = direction.to_sym if @current_action
       end
 
+      # @deprecated: use {#sortable_columns} instead of this method
       # Set sort column for filters
       # @param column [Symbol] the column name
       # @example Setting sort column
@@ -374,6 +376,27 @@ module CmAdmin
       def alert_box(header: nil, body: nil, type: nil, partial: nil, display_if: nil, html_attrs: {})
         @section_fields << CmAdmin::Models::Alert.new(header, body, type, partial:, display_if:, html_attrs:)
       end
+
+      # Configure sortable columns for model
+      # @param columns [Array] the array of hash for column and display name
+      # @example Sortable Columns
+      #   sortable_columns([{column: 'id', display_name: 'ID'}, {column: 'updated_at', display_name: 'Last Updated At'}])
+      #
+      # @example Sortable Columns with default column and direction
+      #   sortable_columns([{column: 'id', display_name: 'ID', default: true, default_direction: 'desc'}, {column: 'updated_at', display_name: 'Last Updated At'}])
+      def sortable_columns(columns)
+        @sort_columns = columns
+        default_column = columns.filter do |column|
+          column.key?(:default) || column.key?(:default_direction)
+        end
+        raise ArgumentError, 'only one column can be default' if default_column.size > 1
+        return if default_column.blank?
+
+        default_column = default_column.first
+
+        @default_sort_column = default_column[:column]
+        @default_sort_direction = default_column[:default_direction] if default_column[:default_direction].present?
+      end
     end
   end
 end

data/lib/cm_admin/version.rb

@@ -1,3 +1,3 @@
 module CmAdmin
-  VERSION = '2.1.4'
+  VERSION = '2.2.0'
 end

data/lib/cm_admin/view_helpers/page_info_helper.rb

@@ -39,7 +39,8 @@ module CmAdmin
 
       def custom_action_items(custom_action, current_action_name)
         if custom_action.name.present? && policy([:cm_admin, @model.name.classify.constantize]).send(:"#{custom_action.name}?")
-          if custom_action.display_if.call(@ar_object)
+          scoped_model = "CmAdmin::#{@model.name}Policy::#{custom_action.name.classify}Scope".constantize.new(Current.user, @model.name.constantize).resolve
+          if custom_action.display_if.call(@ar_object) && scoped_model.find_by(id: params[:id])
             case custom_action.display_type
             when :icon_only
               custom_action_icon(custom_action, current_action_name)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cm-admin
 version: !ruby/object:Gem::Version
-  version: 2.1.4
+  version: 2.2.0
 platform: ruby
 authors:
 - Michael
@@ -14,7 +14,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-09-24 00:00:00.000000000 Z
+date: 2024-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: caxlsx_rails
@@ -345,7 +345,6 @@ files:
 - app/assets/stylesheets/cm_admin/dependency/bootstrap/scss/utilities/_api.scss
 - app/assets/stylesheets/cm_admin/dependency/bootstrap/scss/vendor/_rfs.scss
 - app/assets/stylesheets/cm_admin/dependency/flatpickr.min.css
-- app/assets/stylesheets/cm_admin/dependency/fontawesome.all.css
 - app/assets/stylesheets/cm_admin/dependency/jquery-jgrowl.min.css
 - app/assets/stylesheets/cm_admin/helpers/_mixins.scss
 - app/assets/stylesheets/cm_admin/helpers/_variable.scss
@@ -387,6 +386,7 @@ files:
 - app/views/cm_admin/main/_show_as_drawer.html.slim
 - app/views/cm_admin/main/_show_content.html.slim
 - app/views/cm_admin/main/_show_section.html.slim
+- app/views/cm_admin/main/_sort.html.slim
 - app/views/cm_admin/main/_table.html.slim
 - app/views/cm_admin/main/_tabs.html.slim
 - app/views/cm_admin/main/_top_navbar.html.slim